aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_ftp_server_engine.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort/snort_ftp_server_engine.php')
-rw-r--r--config/snort/snort_ftp_server_engine.php21
1 files changed, 12 insertions, 9 deletions
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php
index e70033e7..618c8d85 100644
--- a/config/snort/snort_ftp_server_engine.php
+++ b/config/snort/snort_ftp_server_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_ftp_server_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,15 @@ global $g;
$snortdir = SNORTDIR;
// Grab any QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -85,7 +88,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['ftp_server_import']))
$_SESSION['ftp_server_import'] = array();
@@ -109,7 +112,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -191,7 +194,7 @@ if ($_POST['Submit']) {
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine");
include_once("head.inc");
@@ -316,7 +319,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save ftp engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo